Summary

Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Versions

These updates will address critical vulnerabilities in the software. Adobe will be assigning the following priority ratings to these updates:

Solution

Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:

Users can update their product installations manually by choosing Help > Check for Updates.

The products will update automatically, without requiring user intervention, when updates are
detected.

As noted in this previous announcement, support for Adobe Acrobat 11.x and Adobe Reader 11.x ended on October 15, 2017. Version 11.0.23 is the final release for Adobe Acrobat 11.x and Adobe Reader 11.x. Adobe strongly recommends that you update to the latest versions of Adobe Acrobat DC and Adobe Acrobat Reader DC. By updating installations to the latest versions, you benefit from the latest functional enhancements and improved security measures.

Vulnerability Details

Vulnerability Category

Vulnerability Impact

Severity

CVE Number

Out-of-bounds write

Arbitrary Code Execution

Critical

CVE-2018-12808

Untrusted pointer dereference

Arbitrary Code Execution

Critical

CVE-2018-12799

Acknowledgements

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers: